856 matches found
EUVD-2024-52774
Malicious code in bioql PyPI...
D-Link DIR-823X security vulnerability
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command execution vulnerability that can be exploited by an attacker to cause code execution due to the setcassword settings interface not filtering special characters in the httpcasswd parameter...
spamassassin: Fix of 2 CVEs
CVE-2020-1930: fix command-execution vulnerability in SpamAssassin .cf parsing - CVE-2020-1931: fix command-execution vulnerability in SpamAssassin .cf parsing...
CLSA-2025-1758728428 spamassassin: Fix of 2 CVEs
CVE-2020-1930: fix command-execution vulnerability in SpamAssassin .cf parsing - CVE-2020-1931: fix command-execution vulnerability in SpamAssassin .cf parsing...
CVE-2025-38658 nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails
In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails. Have nvmet_req_init() and req->execute() complete failed commands. Description of the problem: nvmet_req_init() calls nvmet_req_complete() internally upon failure, e.g.,...
Important: Red Hat Security Advisory: golang security update
An update for golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: Red Hat Security Advisory: golang security update
An update for golang is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
RHEL 9 : golang (RHSA-2025:13936)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13936 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674) For...
Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...
RHEL 10 : golang (RHSA-2025:13941)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13941 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674) For...
RHEL 9 : golang (RHSA-2025:13935)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13935 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674) For...
CVE-2025-55077
Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment...
PT-2025-32259 · Undefined · Undefined
CVE-2025-54980 - Adobe Flash Player Arbitrary Command Execution. CVE ID: CVE-2025-54980. Published: Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago. Description: Rejected reason: Not used. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected products, timeline, and...
CVE-2025-54564
uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user...
GO-2025-3793 File Browser: Command Execution not Limited to Scope in github.com/filebrowser/filebrowser
CVE-2023-53158
CVE-2023-53158 affects the Rust crate gix-transport (before 0.36.1). The issue enables command execution via the substring gix clone 'ssh://-oProxyCommand=open$IFS', i.e., an SSH command injection. Impact details in sources indicate local attack vector with low confidentiality/integrity impact an...
CVE-2025-54416
tj-actions/branch-names is a GitHub Actions repository that contains workflows to retrieve branch or tag names with support for all events. In versions 8.2.1 and below, a critical vulnerability has been identified in the tj-actions/branch-names GitHub Action workflow which allows arbitrary comma...
PT-2025-30279 · Commscope · Ruckus Zonedirector +1
Name of the Vulnerable Software and Affected Versions: CommScope Ruckus Unleashed versions prior to 200.15.6.212.14 and 200.17.7.0.139 CommScope Ruckus ZoneDirector versions prior to 10.5.1.0.279 Description: A hidden debug script .ap debug.sh invoked from the restricted command-line interface do...
SUSE-SU-2025:02295-1 Security update for go1.24
This update for go1.24 fixes the following issues: - Update to version go1.24.5 - CVE-2025-4674: Fixed potential command execution in untrusted VCS repositories. (bsc#1246118)...
Improper Command Execution Control
github.com/filebrowser/filebrowser is vulnerable to improper command execution control. The vulnerability is due to the misuse of the command execution feature that relies on a predefined allowlist, which can be bypassed using standard commands that support subcommand execution, allowing attacker...